Configuring use of SHA-256 in the IdP

Cantor, Scott cantor.2 at osu.edu
Wed Jul 10 10:33:50 EDT 2013


I have updated a page kindly created by Scott Koranda to reflect the
availability of a beta bean created by Brent that will allow you to
customize the IdP's global security settings and set any algorithms you
want to set for signing or encryption. The primary use case for this is
switching from SHA-1 to SHA-256 when signing.

https://wiki.shibboleth.net/confluence/x/H4O3

I have tested the instructions there with my IdP and it "just worked" so I
think they're accurate.

The bean itself is a snapshot at this point that you can obtain using svn
and maven, but when he's back from vacation Brent will tag the 1.0.0
release and we'll publish it officially.

As the page notes, you may well break something if you just deploy this
without testing some partners, and unfortunately it is limited by IdP
design constraints to a global change.

If people learn things about software issues involved in support for
SHA-2, feel free to add notes to the section on the page.

-- Scott
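
A check one might run while testing partners after the change, as an added example that is not part of the original message or of the Shibboleth project's code: it reads a signed SAML message captured from a test login and reports which hash the signature and each reference digest use. The function names and the sample message are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DS}

# Standard XML Signature algorithm URIs mapped to the hash they use.
HASH_BY_URI = {
    DS + "rsa-sha1": "SHA-1",
    DS + "sha1": "SHA-1",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256": "SHA-256",
    "http://www.w3.org/2001/04/xmlenc#sha256": "SHA-256",
}

def _hash_name(element):
    uri = element.get("Algorithm", "")
    return HASH_BY_URI.get(uri, "unknown (%s)" % uri)

def signature_algorithms(xml_text):
    """Return one dict per ds:Signature: the signing hash and each Reference digest hash."""
    report = []
    # Input is assumed to be a message captured from your own IdP during testing.
    for sig in ET.fromstring(xml_text).iter("{%s}Signature" % DS):
        method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
        digests = sig.findall("ds:SignedInfo/ds:Reference/ds:DigestMethod", NS)
        report.append({
            "signature": _hash_name(method) if method is not None else "missing",
            "digests": [_hash_name(d) for d in digests],
        })
    return report

def still_uses_sha1(xml_text):
    """True if any signature or reference digest in the message is SHA-1 based."""
    return any("SHA-1" in [entry["signature"]] + entry["digests"]
               for entry in signature_algorithms(xml_text))

# Constructed sample: SHA-256 signature method, but the digest is still SHA-1.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:Signature><ds:SignedInfo>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#_constructed">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
</ds:Reference>
</ds:SignedInfo></ds:Signature>
</samlp:Response>"""

if __name__ == "__main__":
    print(signature_algorithms(SAMPLE))
    print("SHA-1 still in use:", still_uses_sha1(SAMPLE))
```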



